The value doesn't show up in the URL as you are redirecting the user back to the referring URL... so only the referrer will be shown (unless the redirecting script breaks :) )

Dan

-----------------------------------------------------
Dan Parry
Senior Developer
Virtua Webtech Ltd
http://www.virtuawebtech.co.uk

-----Original Message-----
From: tedd [mailto:tedd@xxxxxxxxxxxx]
Sent: 17 March 2006 14:30
To: php-general@xxxxxxxxxxxxx; Rafael
Subject: Re: Re: setcookie security concerns [medium]

Rafael:

>><?php
>>$thestyle= htmlentities($_POST['thestyle']);
>>setcookie ('thestyle', $set, time()+31536000, '/', '', 0);
>>header("Location: $HTTP_REFERER");
>>?>
>
>   Actually, you receive $set via GET, so you should use $_GET
>instead of $_POST.

Yes, you are correct.

In my example -- http://www.sperling.com/examples/styleswitch/ -- the value doesn't look like it is being added to the url and thus I mistakenly thought it was a POST.

I wonder why the value isn't apparently attached to the url in this case?

tedd
--
--------------------------------------------------------------------------------
http://sperling.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
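
The flow discussed in this thread, as an added example that is not part of the original messages: the style arrives in the `set` query parameter, is stored in the `thestyle` cookie, and the script then redirects to the referring page, which is why the parameter is not left in the address bar. `SITE_HOST`, the style names, and the helper functions `pick_style` and `return_url` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. SITE_HOST and the style names are assumed.
const SITE_HOST = 'www.example.com';
const ALLOWED_STYLES = ['default', 'large', 'contrast'];

// Accept the style only from the query string ("set") and only if it is a known name.
function pick_style(array $query): ?string
{
    $style = $query['set'] ?? null;
    return (is_string($style) && in_array($style, ALLOWED_STYLES, true)) ? $style : null;
}

// Redirect back to the referring page only when it is on this site; otherwise use "/".
function return_url(?string $referer): string
{
    if ($referer === null || preg_match('/[\r\n]/', $referer)) {
        return '/';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return (is_string($host) && strcasecmp($host, SITE_HOST) === 0) ? $referer : '/';
}

if (PHP_SAPI !== 'cli') {
    $style = pick_style($_GET);
    if ($style !== null) {
        setcookie('thestyle', $style, time() + 31536000, '/');
    }
    // The browser ends up on the referring URL, so "?set=..." never stays in the address bar.
    header('Location: ' . return_url($_SERVER['HTTP_REFERER'] ?? null));
    exit;
}

// Constructed sample inputs for a command-line run.
var_dump(pick_style(['set' => 'large']));
var_dump(pick_style(['set' => 'no-such-style']));
var_dump(return_url('http://www.example.com/examples/styleswitch/'));
var_dump(return_url('http://other.example/page'));
```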